Year: 2019

Tesla reported Wednesday a profit of $139 million, or $0.78 a share, and better-than-expected sales, yet failed to meet analysts expectations for earnings in the fourth quarter. Shares, which initially fell after the markets closed, are now up 0.7 percent.

Tesla has managed to string together two profitable periods in a row thanks to sales of the Model 3 and despite several headwinds in the fourth quarter, including a non-cash charge of $54 million attributable to non-controlling interests, higher import duties on components from China, a price reduction for Model S and Model X in China, and the introduction of a lower-priced mid-range version of Model 3.

Tesla’s profitable fourth quarter lies in stark contrast to its financial position in the same period last year when it reported a loss of $675 million, or $1.75 a share.

Perhaps, just as important as the automaker’s income is its cash position. Tesla reported that its cash position improved by $1.45 billion despite the scheduled repayment of a $230 million convertible bond in the fourth quarter.

“We have sufficient cash on hand to comfortably settle in cash our convertible bond that will mature in March 2019,” the shareholder letter to investors said.

Here are a few of the highlights:

• Tesla’s Q4 operating cash flow less capital expenditures improved to $910 million
• Cash and cash equivalents increased by $718 million to hit $3.7 billion at the end of fourth quarter

In October, Tesla reported its first profit after seven consecutive quarters of losses. It was only the third time in its history that it had achieved this milestone.

Tesla reported January 2 that it delivered 90,700 vehicles during the fourth quarter, just shy of what analysts expected. The company said at the time, that it delivered 13,500 Model S sedans, 14,050 Model X SUVs and 63,150 Model 3s.

Microsoft announced its quarterly earnings today. For the most part, those earnings came in around Wall Streets expectations, without any major surprises and a total revenue of $32.5 billion. Given the company’s bets on cloud computing, what’s maybe most important, though, is that Azure recorded revenue growth of 76 percent. That’s the same growth the company booked in the last quarter and still respectable growth, but depending on your perspective, you can also read it as growth flatting out.

“Our strong commercial cloud results reflect our deep and growing partnerships with leading companies in every industry including retail, financial services, and healthcare,” said Satya Nadella, CEO of Microsoft. “We are delivering differentiated value across the cloud and edge as we work to earn customer trust every day.”

Azure falls into Microsoft’s “Intelligent Cloud” category, which includes other server products and enterprises services. In total, those services booked $9.4 billion in revenue, up 20 percent. Commercial cloud revenue was up 48 percent year-over-year.

As for the rest of the earnings, it’s worth noting that revenue from Microsoft’s Surface devices was up 39 percent, but that was expected, given the time of the year and the fact the company released a number of new devices in recent months. Gaming, too, was a strong area, with Xbox software and services up 31 percent.

You can find the full release here.

Facebook managed to beat Wall Street’s estimates in its Q4 earnings amidst a constant beat down in the press. Facebook hit 2.32 billion monthly users, up 2.2 perecent from 2.27 billion last quarter, speeding up its growth rate. Facebook climbed to 1.52 billion daily active users from 1.49 billion last quarter for a 2 percent growth rate that dwarfed last quarter’s 1.36 percent.

Facebook earned $16.91 billion off all those users with a $2.38 GAAP earnings per share. Those numbers handily beat Wall Street’s expectations of $16.39 billion in revenue and $2.18 GAAP earnings per share, plus 2.32 billion monthly and 1.51 billion daily active users. Facebook’s daily to monthly user ratio, or stickiness, held firm at 66 percent where it’s stayed for years, showing those still on Facebook aren’t using it much less.

Facebook shares had closed today at $150.42 but shot up over 9 percent following the record revenue and profit announcements to hover around $162. A big 30 percent year-over-year boost in average revenue per user in North America fueled those gains. Yet that’s still way down from $186 where it was a year ago and a peak of $217 in July.

CEO Mark Zuckerberg went beyond his usual intro to the earnings report where he assures investors things are going well and highlights new opportunities. This quarter he noted “We’ve fundamentally changed how we run our company to focus on the biggest social issues, and we’re investing more to build new and inspiring ways for people to connect.”

Squeezing Money From The Olds

Facebook managed to grow its DAU in both the critical US & Canada and Europe markets where it earns the most money after stagnation or shrinkage in previous quarters. The fact that Facebook is no longer dwindling it its most lucrative markets is surely contributing to its share price climb. Facebook’s monthly active user plateaued in North America but roared up in Europe. That was shored up by a reversal of last quarter’s decline in Rest Of World average revenue per user, which fell 4.7% in Q3 but bounced back with 16.5 percent growth in Q4.

 

Facebook raked in $6.8 billion in profit this quarter as it slowed down hiring and only grew headcount 5 percent from 33,606 to 35,587. It seems Facebook has gotten to a comfortable place with its security staff-up in the wake of election interference, fake news, and content moderation troubles. Its revenue is up 30 percent year-over-year while profits grew 61 percent, which is pretty remarkable for a 15-year old technology company.

But morale isn’t quite as rosy. It’s been a brutal quarter for Facebook At least its swifter user growth rates show Facebook survived its biggest ever data breach without scaring off too many people. Meanwhile it’s continuously struggled with scandals like hiring opposition research firm Definers, and it saw its new teen app Lasso largely flop. Facebook will have to convince investors it knows how to win back the next generation, or at least keep squeezong a lot more money out of the last one like it did in Q4.

Earlier this week, a bug was found in FaceTime that could let others listen in to your Apple device’s microphone (or, in specific cases, view video from the camera) without you accepting the FaceTime call.

Apple disabled the Group FaceTime feature that enabled this bug server-side, thus preventing its future misuse while they worked on a proper patch. Apple says that patch should land later this week, but it sounds like that won’t be the end of it for the company.

New York Attorney General Letitia James and Governor Andrew Cuomo have just announced their intent to investigate the matter — how it happened, and what they call Apple’s “slow response.”

While Apple responded with its temporary fix once the bug started going viral, reports suggest that at least two users — a 14-year-old from Arizona and his mother — had been trying to no avail to warn Apple of this matter for more than a week prior.

While bugs happen, this is a particularly egregious and mystifying one. It’s like the perfect storm of bugs — there’s the bug that turns on the microphone early, then a second stage of the bug that for some logic-defying reason turns on the camera if the call recipient hits the power button to try to decline the call. Then it slipped through QA. Then, finally, it gets noticed by someone with good intentions who tries many ways to bring it to Apple’s attention, unsuccessfully. It slowly spreads from person to person, then goes viral on Twitter. This is the kind of bug that people will be reading about in their software engineering textbooks for years.

We’ve reached out to Apple for comment on the investigation, but none was given at the time of publishing.

Spin, the electric scooter company recently bought by Ford, still won’t be able to operate in San Francisco. Well, at least for now. This comes after Spin appealed the San Francisco Municipal Transportation Agency’s decision regarding electric scooter permits in the city. A neutral officer, James Doyle, has since denied Spin’s appeal.

“The SFMTA is pleased the hearing officer validated our permitting process, which above all, prioritized the public interest,” SFMTA Communications Manager Ben Jose said in a statement to TechCrunch. “The SFMTA developed a fair, thoughtful and transparent permit program. Permits were awarded to the companies with the best applications that demonstrated a commitment to operating a safe, equitable and accountable service.”

There is, however, a silver lining for Spin. The hearing officer recommends the SFMTA consider having Spin participate in the second half of the one-year pilot program. That’s because “Spin appears to be an experienced and capable operator, and because allowing additional operators will enhance the probability of success of the powered e-scooter share program in San Francisco,” Doyle wrote in his decision.

Citing Section 916 of the electric scooter program, which states that after the initial six-month period, the SFMTA may evaluate those with permits and reassess compliance, Doyle says that provides a “natural juncture” in the program. After the first six months of the program, the SFMTA can potentially increase the number of scooters from the current max of 625 to 2,500. This juncture, Doyle said, should be able to accommodate the addition of other operators.

“We were heartened by the Hearing Officer’s strong recommendation that Spin be granted a permit by the SFMTA at the six-month mark of the pilot,” a Spin spokesperson told TechCrunch via email. “While it’s disappointing that Spin can’t immediately serve our hometown, we appreciate the Hearing Officer’s acknowledgment of our experience and capabilities, and we look forward to working with the SFMTA to serve more San Franciscans with an alternative mobility mode and hire locally from the community.”

Currently, Skip and Scoot are the only two companies permitted to operate electric scooters in SF. Since deploying their respective fleets in October, both have experienced some growing pains — mostly pertaining to theft and vandalism. That has led both Scoot and Skip to add locks to their fleets.

Moving forward, it’s unclear if the SFMTA will take the recommendation, but Jose said, “The SFMTA will be consulting with the City Attorney’s Office to determine next steps as we near the second half of the pilot.

In response to TechCrunch’s investigation of Facebook paying teens and adults to install a VPN that lets it analyze all their phone’s traffic, Senator Mark Warner (D-VA) has sent a letter to Mark Zuckerberg. It admonishes Facebook for not spelling out exactly what data the Facebook Research app was collecting or giving users adequate information necessary to determine if they should accept payment in exchange for selling their privacy. Following our report, Apple banned Facebook’s Research app from iOS and shut down its internal employee-only workplace apps too as punishment, causing mayhem in Facebook’s office.

Warner wrote to Zuckerberg, “In both the case of Onavo and the Facebook Research project, I have concerns that users were not appropriately informed about the extent of Facebook’s data-gathering and the commercial purposes of this data collection. Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me,”

Warner is working on writing new laws to govern data collection initiatives like Facebook Research. He asks Zuckerberg, “Will you commit to supporting legislation requiring individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users?”

Meanwhile, Senator Richard Blumenthal (D-CT) provided TechCrunch with a fiery statement regarding our investigation. He calls Facebook anti-competitive, which could fuel calls to regulate or break up Facebook, says the FTC must address the issue, and that he’s planning to work with congress to safeguard teens’ privacy:

“Wiretapping teens is not research, and it should never be permissible. This is yet another astonishing example of Facebook’s complete disregard for data privacy and eagerness to engage in anti-competitive behavior. Instead of learning its lesson when it was caught spying on consumers using the supposedly ‘private’ Onavo VPN app, Facebook rebranded the intrusive app and circumvented Apple’s attempts to protect iPhone users. Facebook continues to demonstrate its eagerness to look over everyone’s shoulder and watch everything they do in order to make money. 

Mark Zuckerberg’s empty promises are not enough. The FTC needs to step up to the plate, and the Onavo app should be part of its investigation. I will also be writing to Apple and Google on Facebook’s egregious behavior, and working in Congress to make sure that teens are protected from Big Tech’s privacy intrusions.”

Facebook isn’t the only one paying users to analyze all their phone data. TechCrunch found that Google had a similar program called Screenwise Meter. Though it was more upfront about it, Google also appears to have violated Apple’s employee-only Enterprise Certificate rules. We may be seeing the start to an industry-wide crack down on market research surveillance apps that dangle gift cards in front of users to get them to give up a massive amount of privacy.

Warner’s full letter to Zuckerberg can be found below:

Dear Mr. Zuckerberg: 

I write to express concerns about allegations of Facebook’s latest efforts to monitor user activity. On January 29th, TechCrunch revealed that under the auspices of partnerships with beta testing firms, Facebook had begun paying users aged 13 to 35 to install an enterprise certificate, allowing Facebook to intercept all internet traffic to and from user devices.  According to subsequent reporting by TechCrunch, Facebook relied on intermediaries that often “did not disclose Facebook’s involvement until users had begun the signup process.” Moreover, the advertisements used to recruit participants and the “Project Disclosure” make no mention of Facebook or the commercial purposes to which this data was allegedly put.

This arrangement comes in the wake of revelations that Facebook had previously engaged in similar efforts through a virtual private network (VPN) app, Onavo, that it owned and operated. According to a series of articles by the Wall Street Journal, Facebook used Onavo to scout emerging competitors by monitoring user activity – acquiring competitors in order to neutralize them as competitive threats, and in cases when that did not work, monitor usage patterns to inform Facebook’s own efforts to copy the features and innovations driving adoption of competitors’ apps.  In 2017, my staff contacted Facebook with questions about how Facebook was promoting Onavo through its Facebook app – in particular, framing the app as a VPN that would “protect” users while omitting any reference to the main purpose of the app: allowing Facebook to gather market data on competitors.

Revelations in 2017 and 2018 prompted Apple to remove Onavo from its App Store in 2018 after concluding that the app violated its terms of service prohibitions on monitoring activity of other apps on a user’s device, as well as a requirement to make clear what user data will be collected and how it will be used. In both the case of Onavo and the Facebook Research project, I have concerns that users were not appropriately informed about the extent of Facebook’s data-gathering and the commercial purposes of this data collection.

Facebook’s apparent lack of full transparency with users – particularly in the context of ‘research’ efforts – has been a source of frustration for me. As you recall, I wrote the Federal Trade Commission in 2014 in the wake of revelations that Facebook had undertaken a behavioral experiment on hundreds of thousands of users, without obtaining their informed consent. In submitted questions to your Chief Operating Officer, Sheryl Sandberg, I once again raised these concerns, asking if Facebook provided for “individualized, informed consent” in all research projects with human subjects – and whether users had the ability to opt out of such research. In response, we learned that Facebook does not rely on individualized, informed consent (noting that users consent under the terms of the general Data Policy) and that users have no opportunity to opt out of being enrolled in research studies of their activity.  In large part for this reason, I am working on legislation to require individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users. 

Fair, robust competition serves as an impetus for innovation, product differentiation, and wider consumer choice. For these reasons, I request that you respond to the following questions: 

1.      Do you think any user reasonably understood that they were giving Facebook root device access through the enterprise certificate? What specific steps did you take to ensure that users were properly informed of this access? 

2.      Do you think any user reasonably understood that Facebook was using this data for commercial purposes, including to track competitors?

3.      Will you release all participants from the confidentiality agreements Facebook made them sign?

4.      As you know, I have begun working on legislation that would require large platforms such as Facebook to provide users, on a continual basis, with an estimate of the overall value of their data to the service provider. In this instance, Facebook seems to have developed valuations for at least some uses of the data that was collected (such as market research). This further emphasizes the need for users to understand fully what data is collected by Facebook, the full range of ways in which it is used, and how much it is worth to the company. Will you commit to supporting this legislation and exploring methods for valuing user data holistically?

5.      Will you commit to supporting legislation requiring individualized, informed consent in all instances of behavioral and market research conducted by large platforms on users?

I look forward to receiving your responses within the next two weeks. If you should have any questions or concerns, please contact my office at 202-224-2023.

You may think that the worst you’ll risk by buying a bargain-bin smart bulb or security camera will be a bit of extra trouble setting it up or a lack of settings. But it’s not just while they’re plugged in that these slapdash gadgets are a security risk — even from the garbage can, they can still compromise your network.

Although these so-called internet of things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. They may not need to do much, but they still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.

In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.

All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.

The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud, and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture, or bought it secondhand.

“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices : LIFX, XIAOMI, TUYA and WIZ (not published yet, very unkind people). Same devices, same vulnerabilities, and even sometimes exactly same code inside.”

Now, these particular bits of information exposed on these devices aren’t that harmful in and of themselves, although if someone wanted to, they could take advantage of it in several ways. What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security, or longevity. And this type of thing is not by any means limited to smart bulbs.

These devices all proudly assert that they support Alexa, Google Home, or other standards. This may give users a false sense that they are in some way accredited, inspected, or otherwise held to basic standards.

In fact, in addition to all of them having essentially no security at all, one had its (conductive) metal shell insulated from the PCB only by a loose piece of adhesive paper. This kind of thing is an electrical fire or at least a short waiting to happen.

As with any other class of electronics, there’s always a pretty good reason why one is a whole lot cheaper than another. But in the case of a cheap CD player, the worst you’re going to get is skipping or a scratched disc. That’s not the case with a cheap baby monitor, a cheap smart outlet, a cheap internet-connected door lock.

I’m not saying you need to buy the premium version of every smart gadget out there — consumers need to be aware of the risks they are exposing themselves to with the installation of any such device, let alone a poorly made one.

If you want to limit your own risk, a simple step you can take is to have your smart home devices and such isolated on a subnet or guest network. Making sure that the devices and of course your router are password protected, and take common sense measures like changing that password regularly.

You may think that the worst you’ll risk by buying a bargain-bin smart bulb or security camera will be a bit of extra trouble setting it up or a lack of settings. But it’s not just while they’re plugged in that these slapdash gadgets are a security risk — even from the garbage can, they can still compromise your network.

Although these so-called internet of things gadgets are small and rather dumb, they’re still full-fledged networked computers for all intents and purposes. They may not need to do much, but they still need to take many of the same basic precautions to prevent them from, say, broadcasting your private information unencrypted to the world, or granting root access to anyone walking by.

In the case of these low-cost “smart” bulbs investigated by Limited Results (via Hack a Day), the issue isn’t what they do while connected but what they keep onboard their tiny brains, and how.

All the bulbs they tested proved to have no real security at all protecting the information kept on the chips inside. After exposing the PCBs, they attached a few leads and in a moment each device would spit out its boot data and be ready to take commands.

The data was without exception totally unencrypted, including the wireless password to the network to which the device had been connected. One device also exposed its private RSA key, used to create secure connections to whatever servers it connects to (for example to check for updates, upload user data to the cloud, and so on). This information would be available to anyone who grabbed this bulb out of the trash, or stole it from an outdoor fixture, or bought it secondhand.

“Seriously, 90 percent of IoT devices are developed without security in mind. It is just a disaster,” wrote Limited Results in an email. “In my research, I have targeted four different devices : LIFX, XIAOMI, TUYA and WIZ (not published yet, very unkind people). Same devices, same vulnerabilities, and even sometimes exactly same code inside.”

Now, these particular bits of information exposed on these devices aren’t that harmful in and of themselves, although if someone wanted to, they could take advantage of it in several ways. What’s important to note is the utter lack of care that went into these devices — not just their code, but their construction. They really are just basic enclosures around an off-the-shelf wireless board, with no consideration given to safety, security, or longevity. And this type of thing is not by any means limited to smart bulbs.

These devices all proudly assert that they support Alexa, Google Home, or other standards. This may give users a false sense that they are in some way accredited, inspected, or otherwise held to basic standards.

In fact, in addition to all of them having essentially no security at all, one had its (conductive) metal shell insulated from the PCB only by a loose piece of adhesive paper. This kind of thing is an electrical fire or at least a short waiting to happen.

As with any other class of electronics, there’s always a pretty good reason why one is a whole lot cheaper than another. But in the case of a cheap CD player, the worst you’re going to get is skipping or a scratched disc. That’s not the case with a cheap baby monitor, a cheap smart outlet, a cheap internet-connected door lock.

I’m not saying you need to buy the premium version of every smart gadget out there — consumers need to be aware of the risks they are exposing themselves to with the installation of any such device, let alone a poorly made one.

If you want to limit your own risk, a simple step you can take is to have your smart home devices and such isolated on a subnet or guest network. Making sure that the devices and of course your router are password protected, and take common sense measures like changing that password regularly.

If you just tried to turn on your Xbox One and were met with nothing but a black screen: you’re not alone.

A particularly bad outage in Xbox Live’s core services is causing the console to get stuck at boot. Microsoft is aware of the outage, and says they’ve “identified the cause”.

The issue seems to be impacting enough users that even Microsoft’s server status page is having a hard time staying up.

Xbox Live outages happen from time to time, but it’s quite unusual for said outages to keep the entire console from booting. In most cases, the console would just boot and then fail to access online services. This has lead many to assume that their console, itself, had somehow broken — but, at least hopefully, they’ll boot right up once Microsoft untangles this mess of an outage.

Some users who are on wired connections report that their consoles boot up after the ethernet cable is unplugged. Others on wireless connections say turning off their routers (so the Xbox doesn’t try to connect to Live over WiFi) let them boot up.

Many reports say that factory resetting does not help, so don’t trouble yourself with that.

Update: Microsoft’s Mike Ybarra blames the issue on a “deployment error” (meaning they went to push some new code, and something broke along the way), and says rebooting your console “in a few minutes” should fix it.

If you just tried to turn on your Xbox One and were met with nothing but a black screen: you’re not alone.

A particularly bad outage in Xbox Live’s core services is causing the console to get stuck at boot. Microsoft is aware of the outage, and says they’ve “identified the cause”.

The issue seems to be impacting enough users that even Microsoft’s server status page is having a hard time staying up.

Xbox Live outages happen from time to time, but it’s quite unusual for said outages to keep the entire console from booting. In most cases, the console would just boot and then fail to access online services. This has lead many to assume that their console, itself, had somehow broken — but, at least hopefully, they’ll boot right up once Microsoft untangles this mess of an outage.

Some users who are on wired connections report that their consoles boot up after the ethernet cable is unplugged. Others on wireless connections say turning off their routers (so the Xbox doesn’t try to connect to Live over WiFi) let them boot up.

Many reports say that factory resetting does not help, so don’t trouble yourself with that.

Update: Microsoft’s Mike Ybarra blames the issue on a “deployment error” (meaning they went to push some new code, and something broke along the way), and says rebooting your console “in a few minutes” should fix it.